ubuntucve | Ubuntu.com | UB:CVE-2007-5966
Dec 20, 2007 - 12:00 a.m.

CVE-2007-5966


CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0
Percentile: 10.1%

Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the
Linux kernel before 2.6.23.10 allows local users to execute arbitrary code
or cause a denial of service (panic) via a large relative timeout value.
NOTE: some of these details are obtained from third party information.

Notes

Author: jdstrand
Note: local DoS with speculation of arbitrary code execution (but it’s not confirmed), so setting to medium for now.

| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.10 | noarch | linux-source-2.6.17 | < 2.6.17.1-12.43 | UNKNOWN |
| ubuntu | 7.04 | noarch | linux-source-2.6.20 | < 2.6.20-16.34 | UNKNOWN |
| ubuntu | 7.10 | noarch | linux-source-2.6.22 | < 2.6.22-14.51 | UNKNOWN |
